18 matches found

RedHat Linux
added 9 hours ago | 2 views

unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options

A flaw was found in Unbound, a Domain Name System (DNS) resolver. A remote attacker could trigger a heap overflow by sending specially crafted DNS reply packets. This occurs when Unbound attempts to encode multiple Name Server Identifier (NSID) or Extension Mechanisms for DNS (EDNS) Cookie options, or...

CVSS 8.7 | AI score 5.8 | EPSS 0.0006
Exploits: 0 | References: 4

Cvelist
added 2026/05/28 6:27 p.m. | 22 views

CVE-2026-47329 Incorrect validation of field size in Ubuntu Linux AppArmor notification responses

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppArmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses...

CVSS 3.3 | EPSS 0.0002
Exploits: 0 | References: 1

OSV
added 2026/04/22 10:16 a.m. | 0 views

UBUNTU-CVE-2026-33262

An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default...

CVSS 5.9 | AI score 5.8 | EPSS 0.00002
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2017-7101

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00676
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-11385

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00241
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-24661

Malicious code in bioql PyPI...

CVSS 6 | AI score 6.7 | EPSS 0.00025
Exploits: 1 | References: 2

RedHat Linux
added 2024/09/03 11:45 a.m. | 3 views

go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in the Go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution...

CVSS 9.8 | AI score 7.6 | EPSS 0.04027
Exploits: 0 | References: 5

Microsoft CVE
added 2023/05/31 7:00 a.m. | 4 views

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.

...

CVSS 5.3 | AI score 5.8 | EPSS 0.00088
Exploits: 0

SUSE CVE
added 2023/02/15 5:44 a.m. | 2 views

SUSE CVE-2012-4502

Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5)...

CVSS 5 | AI score 7.4 | EPSS 0.00838
Exploits: 0 | References: 2

NVD
added 2020/06/19 2:15 p.m. | 11 views

CVE-2019-20848

An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies...

CVSS 7.5 | EPSS 0.00241
Exploits: 0 | References: 1

Prion
added 2020/06/19 2:15 p.m. | 14 views

Design/Logic Flaw

An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies...

CVSS 5 | AI score 7.5 | EPSS 0.00241
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/06/19 1:32 p.m. | 17 views

CVE-2019-20848

An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies...

AI score 7.5 | EPSS 0.00241
Exploits: 0 | References: 1

Prion
added 2018/08/23 3:29 p.m. | 19 views

Buffer overflow

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A...

CVSS 9 | AI score 8.7 | EPSS 0.00497
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2017/10/19 11:29 p.m. | 1 view

DEBIAN-CVE-2017-15650

musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query...

CVSS 7.5 | AI score 8 | EPSS 0.00676
Exploits: 0 | References: 1

RedHat Linux
added 2016/11/02 4:07 p.m. | 3 views

bind: assertion failure while handling responses containing a DNAME answer

A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...

CVSS 7.5 | AI score 7.1 | EPSS 0.44377
Exploits: 0 | References: 5

OSV
added 2014/06/16 6:55 p.m. | 3 views

CVE-2010-5111

Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted reply in the (1) TLS_readline or (2) SSL_readline function, related to the EchoPingHttps Smokeping probe...

AI score 7.7
Exploits: 0 | References: 5

Prion
added 2007/08/27 5:17 p.m. | 12 views

Format string

Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies...

CVSS 6.8 | AI score 7.6 | EPSS 0.04516
Exploits: 1 | References: 14 | Affected Software: 2

Cvelist
added 2007/08/27 5:00 p.m. | 13 views

CVE-2007-2958

Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies...

AI score 7.2 | EPSS 0.04516
Exploits: 1 | References: 14